summaryrefslogtreecommitdiff
path: root/data/templates
diff options
context:
space:
mode:
authorLulu Cathrinus Grimalkin <me@erkin.party>2021-12-16 17:32:24 +0300
committerGitHub <noreply@github.com>2021-12-16 17:32:24 +0300
commit9737a55f6dde490e7fdf1c9d5c5733e48c94d141 (patch)
treed2c24363d921490bcef5cb3efb70ae794fbe22a5 /data/templates
parent95b91627a6065b720365c9ae7d124d85fc8e493d (diff)
parent55f8ede2d09a9ad095f9ec5c2a729f8c5fb6aafa (diff)
downloadvyos-1x-9737a55f6dde490e7fdf1c9d5c5733e48c94d141.tar.gz
vyos-1x-9737a55f6dde490e7fdf1c9d5c5733e48c94d141.zip
Merge branch 'vyos:current' into current
Diffstat (limited to 'data/templates')
-rw-r--r--data/templates/accel-ppp/pppoe.config.tmpl18
-rw-r--r--data/templates/dns-forwarding/recursor.conf.tmpl3
-rw-r--r--data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl6
-rw-r--r--data/templates/dns-forwarding/recursor.zone.conf.tmpl7
-rw-r--r--data/templates/frr/bfdd.frr.tmpl26
-rw-r--r--data/templates/frr/bgpd.frr.tmpl39
-rw-r--r--data/templates/frr/isisd.frr.tmpl3
-rw-r--r--data/templates/frr/ldpd.frr.tmpl99
-rw-r--r--data/templates/frr/ospf6d.frr.tmpl3
-rw-r--r--data/templates/frr/ospfd.frr.tmpl3
-rw-r--r--data/templates/https/nginx.default.tmpl4
-rw-r--r--data/templates/https/override.conf.tmpl15
-rw-r--r--data/templates/netflow/uacctd.conf.tmpl3
-rw-r--r--data/templates/vrrp/keepalived.conf.tmpl3
14 files changed, 162 insertions, 70 deletions
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl
index 238e7ee15..0a8e0079b 100644
--- a/data/templates/accel-ppp/pppoe.config.tmpl
+++ b/data/templates/accel-ppp/pppoe.config.tmpl
@@ -108,19 +108,17 @@ ac-name={{ access_concentrator }}
{% if iface_config.vlan_id is not defined and iface_config.vlan_range is not defined %}
interface={{ iface }}
{% endif %}
-{% if iface_config.vlan_id is defined and iface_config.vlan_range is not defined %}
-{% for vlan in iface_config.vlan_id %}
-interface={{ iface }}.{{ vlan }}
-vlan-mon={{ iface }},{{ vlan }}
+{% if iface_config.vlan_range is defined %}
+{% for regex in iface_config.regex %}
+interface=re:^{{ iface | replace('.', '\\.') }}\.({{ regex }})$
{% endfor %}
-{% endif %}
-{% if iface_config.vlan_range is defined and iface_config.vlan_id is not defined %}
vlan-mon={{ iface }},{{ iface_config.vlan_range | join(',') }}
-interface=re:{{ iface | replace('.', '\\.') }}\.\d+
{% endif %}
-{% if iface_config.vlan_id is defined and iface_config.vlan_range is defined %}
-vlan-mon={{ iface }},{{ iface_config.vlan_id | join(',') }},{{ iface_config.vlan_range | join(',') }}
-interface=re:{{ iface | replace('.', '\\.') }}\.\d+
+{% if iface_config.vlan_id is defined %}
+{% for vlan in iface_config.vlan_id %}
+vlan-mon={{ iface }},{{ vlan }}
+interface=re:^{{ iface | replace('.', '\\.') }}\.{{ vlan }}$
+{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
diff --git a/data/templates/dns-forwarding/recursor.conf.tmpl b/data/templates/dns-forwarding/recursor.conf.tmpl
index d44f756e8..02efe903b 100644
--- a/data/templates/dns-forwarding/recursor.conf.tmpl
+++ b/data/templates/dns-forwarding/recursor.conf.tmpl
@@ -31,5 +31,8 @@ dnssec={{ dnssec }}
# serve rfc1918 records
serve-rfc1918={{ 'no' if no_serve_rfc1918 is defined else 'yes' }}
+# zones
+auth-zones={% for z in authoritative_zones %}{{ z.name }}={{ z.file }}{{- "," if not loop.last -}}{% endfor %}
+
forward-zones-file=recursor.forward-zones.conf
diff --git a/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl b/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl
index 784d5c360..7f29c387e 100644
--- a/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl
+++ b/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl
@@ -22,3 +22,9 @@ addNTA("{{ zone }}", "static")
{% endfor %}
{% endif %}
+{% if authoritative_zones is defined %}
+-- from 'service dns forwarding authoritative-domain'
+{% for zone in authoritative_zones %}
+addNTA("{{ zone }}", "static")
+{% endfor %}
+{% endif %}
diff --git a/data/templates/dns-forwarding/recursor.zone.conf.tmpl b/data/templates/dns-forwarding/recursor.zone.conf.tmpl
new file mode 100644
index 000000000..758871bef
--- /dev/null
+++ b/data/templates/dns-forwarding/recursor.zone.conf.tmpl
@@ -0,0 +1,7 @@
+;
+; Autogenerated by dns_forwarding.py
+;
+;
+{% for r in records %}
+{{ r.name }} {{ r.ttl }} {{ r.type }} {{ r.value }}
+{% endfor %}
diff --git a/data/templates/frr/bfdd.frr.tmpl b/data/templates/frr/bfdd.frr.tmpl
index c14939677..439f79d67 100644
--- a/data/templates/frr/bfdd.frr.tmpl
+++ b/data/templates/frr/bfdd.frr.tmpl
@@ -6,13 +6,16 @@ bfd
detect-multiplier {{ profile_config.interval.multiplier }}
receive-interval {{ profile_config.interval.receive }}
transmit-interval {{ profile_config.interval.transmit }}
-{% if profile_config.interval['echo-interval'] is defined and profile_config.interval['echo-interval'] is not none %}
- echo transmit-interval {{ profile_config.interval['echo-interval'] }}
- echo receive-interval {{ profile_config.interval['echo-interval'] }}
+{% if profile_config.interval.echo_interval is defined and profile_config.interval.echo_interval is not none %}
+ echo transmit-interval {{ profile_config.interval.echo_interval }}
+ echo receive-interval {{ profile_config.interval.echo_interval }}
{% endif %}
-{% if profile_config['echo-mode'] is defined %}
+{% if profile_config.echo_mode is defined %}
echo-mode
{% endif %}
+{% if profile_config.passive is defined %}
+ passive-mode
+{% endif %}
{% if profile_config.shutdown is defined %}
shutdown
{% else %}
@@ -24,16 +27,23 @@ bfd
{% endif %}
{% if peer is defined and peer is not none %}
{% for peer_name, peer_config in peer.items() %}
- peer {{ peer_name }}{{ ' multihop' if peer_config.multihop is defined }}{{ ' local-address ' + peer_config.source.address if peer_config.source is defined and peer_config.source.address is defined }}{{ ' interface ' + peer_config.source.interface if peer_config.source is defined and peer_config.source.interface is defined }}
+ peer {{ peer_name }}{{ ' multihop' if peer_config.multihop is defined }}{{ ' local-address ' + peer_config.source.address if peer_config.source is defined and peer_config.source.address is defined }}{{ ' interface ' + peer_config.source.interface if peer_config.source is defined and peer_config.source.interface is defined }} {{ ' vrf ' + peer_config.vrf if peer_config.vrf is defined and peer_config.vrf is not none }}
detect-multiplier {{ peer_config.interval.multiplier }}
receive-interval {{ peer_config.interval.receive }}
transmit-interval {{ peer_config.interval.transmit }}
-{% if peer_config.interval['echo-interval'] is defined and peer_config.interval['echo-interval'] is not none %}
- echo-interval {{ peer_config.interval['echo-interval'] }}
+{% if peer_config.interval.echo_interval is defined and peer_config.interval.echo_interval is not none %}
+ echo transmit-interval {{ peer_config.interval.echo_interval }}
+ echo receive-interval {{ peer_config.interval.echo_interval }}
{% endif %}
-{% if peer_config['echo-mode'] is defined %}
+{% if peer_config.echo_mode is defined %}
echo-mode
{% endif %}
+{% if peer_config.passive is defined %}
+ passive-mode
+{% endif %}
+{% if peer_config.profile is defined and peer_config.profile is not none %}
+ profile {{ peer_config.profile }}
+{% endif %}
{% if peer_config.shutdown is defined %}
shutdown
{% else %}
diff --git a/data/templates/frr/bgpd.frr.tmpl b/data/templates/frr/bgpd.frr.tmpl
index fbdbafd6e..45e0544b7 100644
--- a/data/templates/frr/bgpd.frr.tmpl
+++ b/data/templates/frr/bgpd.frr.tmpl
@@ -17,6 +17,12 @@
{% endif %}
{% if config.bfd is defined %}
neighbor {{ neighbor }} bfd
+{% if config.bfd.check_control_plane_failure is defined %}
+ neighbor {{ neighbor }} bfd check-control-plane-failure
+{% endif %}
+{% if config.bfd.profile is defined and config.bfd.profile is not none %}
+ neighbor {{ neighbor }} bfd profile {{ config.bfd.profile }}
+{% endif %}
{% endif %}
{% if config.capability is defined and config.capability is not none %}
{% if config.capability.dynamic is defined %}
@@ -140,6 +146,17 @@
{% if afi_config.as_override is defined %}
neighbor {{ neighbor }} as-override
{% endif %}
+{% if afi_config.conditionally_advertise is defined and afi_config.conditionally_advertise is not none %}
+{% if afi_config.conditionally_advertise.advertise_map is defined and afi_config.conditionally_advertise.advertise_map is not none %}
+{% set exist_non_exist_map = 'exist-map' %}
+{% if afi_config.conditionally_advertise.exist_map is defined and afi_config.conditionally_advertise.exist_map is not none %}
+{% set exist_non_exist_map = 'exist-map ' ~ afi_config.conditionally_advertise.exist_map %}
+{% elif afi_config.conditionally_advertise.non_exist_map is defined and afi_config.conditionally_advertise.non_exist_map is not none %}
+{% set exist_non_exist_map = 'non-exist-map ' ~ afi_config.conditionally_advertise.non_exist_map %}
+{% endif %}
+ neighbor {{ neighbor }} advertise-map {{ afi_config.conditionally_advertise.advertise_map }} {{ exist_non_exist_map }}
+{% endif %}
+{% endif %}
{% if afi_config.remove_private_as is defined %}
neighbor {{ neighbor }} remove-private-AS
{% endif %}
@@ -469,6 +486,11 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none
{% if parameters.cluster_id is defined and parameters.cluster_id is not none %}
bgp cluster-id {{ parameters.cluster_id }}
{% endif %}
+{% if parameters.conditional_advertisement is defined and parameters.conditional_advertisement is not none %}
+{% if parameters.conditional_advertisement.timer is defined and parameters.conditional_advertisement.timer is not none %}
+ bgp conditional-advertisement timer {{ parameters.conditional_advertisement.timer }}
+{% endif %}
+{% endif %}
{% if parameters.confederation is defined and parameters.confederation is not none %}
{% if parameters.confederation.identifier is defined and parameters.confederation.identifier is not none %}
bgp confederation identifier {{ parameters.confederation.identifier }}
@@ -499,6 +521,9 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none
{% endfor %}
{% endif %}
{% endif %}
+{% if parameters.fast_convergence is defined %}
+ bgp fast-convergence
+{% endif %}
{% if parameters.graceful_restart is defined %}
bgp graceful-restart {{ 'stalepath-time ' ~ parameters.graceful_restart.stalepath_time if parameters.graceful_restart.stalepath_time is defined }}
{% endif %}
@@ -508,6 +533,9 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none
{% if parameters.log_neighbor_changes is defined %}
bgp log-neighbor-changes
{% endif %}
+{% if parameters.minimum_holdtime is defined and parameters.minimum_holdtime is not none %}
+ bgp minimum-holdtime {{ parameters.minimum_holdtime }}
+{% endif %}
{% if parameters.network_import_check is defined %}
bgp network import-check
{% endif %}
@@ -517,11 +545,20 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none
{% if parameters.no_fast_external_failover is defined %}
no bgp fast-external-failover
{% endif %}
+{% if parameters.reject_as_sets is defined %}
+ bgp reject-as-sets
+{% endif %}
{% if parameters.router_id is defined and parameters.router_id is not none %}
bgp router-id {{ parameters.router_id }}
{% endif %}
+{% if parameters.shutdown is defined %}
+ bgp shutdown
+{% endif %}
+{% if parameters.suppress_fib_pending is defined %}
+ bgp suppress-fib-pending
+{% endif %}
{% endif %}
{% if timers is defined and timers.keepalive is defined and timers.holdtime is defined %}
timers bgp {{ timers.keepalive }} {{ timers.holdtime }}
{% endif %}
-exit \ No newline at end of file
+exit
diff --git a/data/templates/frr/isisd.frr.tmpl b/data/templates/frr/isisd.frr.tmpl
index fc0799e02..b1e3f825b 100644
--- a/data/templates/frr/isisd.frr.tmpl
+++ b/data/templates/frr/isisd.frr.tmpl
@@ -6,6 +6,9 @@ interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
ipv6 router isis VyOS
{% if iface_config.bfd is defined %}
isis bfd
+{% if iface_config.bfd.profile is defined and iface_config.bfd.profile is not none %}
+ isis bfd profile {{ iface_config.bfd.profile }}
+{% endif %}
{% endif %}
{% if iface_config.network is defined and iface_config.network.point_to_point is defined %}
isis network point-to-point
diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl
index 0a5411552..537ea4025 100644
--- a/data/templates/frr/ldpd.frr.tmpl
+++ b/data/templates/frr/ldpd.frr.tmpl
@@ -2,69 +2,69 @@
{% if ldp is defined %}
mpls ldp
{% if ldp.router_id is defined %}
-router-id {{ ldp.router_id }}
+ router-id {{ ldp.router_id }}
{% endif %}
{% if ldp.parameters is defined %}
{% if ldp.parameters.cisco_interop_tlv is defined %}
-dual-stack cisco-interop
+ dual-stack cisco-interop
{% endif %}
{% if ldp.parameters.transport_prefer_ipv4 is defined%}
-dual-stack transport-connection prefer ipv4
+ dual-stack transport-connection prefer ipv4
{% endif %}
{% if ldp.parameters.ordered_control is defined%}
-ordered-control
+ ordered-control
{% endif %}
{% endif %}
{% if ldp.neighbor is defined %}
{% for neighbors in ldp.neighbor %}
{% if ldp.neighbor[neighbors].password is defined %}
-neighbor {{neighbors}} password {{ldp.neighbor[neighbors].password}}
+ neighbor {{ neighbors }} password {{ ldp.neighbor[neighbors].password }}
{% endif %}
{% if ldp.neighbor[neighbors].ttl_security is defined %}
{% if 'disable' in ldp.neighbor[neighbors].ttl_security %}
-neighbor {{neighbors}} ttl-security disable
+ neighbor {{ neighbors }} ttl-security disable
{% else %}
-neighbor {{neighbors}} ttl-security hops {{ldp.neighbor[neighbors].ttl_security}}
+ neighbor {{ neighbors }} ttl-security hops {{ ldp.neighbor[neighbors].ttl_security }}
{% endif %}
{% endif %}
{% if ldp.neighbor[neighbors].session_holdtime is defined %}
-neighbor {{neighbors}} session holdtime {{ldp.neighbor[neighbors].session_holdtime}}
+ neighbor {{ neighbors }} session holdtime {{ ldp.neighbor[neighbors].session_holdtime }}
{% endif %}
{% endfor %}
{% endif %}
-!
+ !
{% if ldp.discovery is defined %}
{% if ldp.discovery.transport_ipv4_address is defined %}
-address-family ipv4
+ address-family ipv4
{% if ldp.allocation is defined %}
{% if ldp.allocation.ipv4 is defined %}
{% if ldp.allocation.ipv4.access_list is defined %}
-label local allocate for {{ ldp.allocation.ipv4.access_list }}
+ label local allocate for {{ ldp.allocation.ipv4.access_list }}
{% endif %}
{% endif %}
{% else %}
-label local allocate host-routes
+ label local allocate host-routes
{% endif %}
{% if ldp.discovery.transport_ipv4_address is defined %}
-discovery transport-address {{ ldp.discovery.transport_ipv4_address }}
+ discovery transport-address {{ ldp.discovery.transport_ipv4_address }}
{% endif %}
{% if ldp.discovery.hello_ipv4_holdtime is defined %}
-discovery hello holdtime {{ ldp.discovery.hello_ipv4_holdtime }}
+ discovery hello holdtime {{ ldp.discovery.hello_ipv4_holdtime }}
{% endif %}
{% if ldp.discovery.hello_ipv4_interval is defined %}
-discovery hello interval {{ ldp.discovery.hello_ipv4_interval }}
+ discovery hello interval {{ ldp.discovery.hello_ipv4_interval }}
{% endif %}
{% if ldp.discovery.session_ipv4_holdtime is defined %}
-session holdtime {{ ldp.discovery.session_ipv4_holdtime }}
+ session holdtime {{ ldp.discovery.session_ipv4_holdtime }}
{% endif %}
{% if ldp.import is defined %}
{% if ldp.import.ipv4 is defined %}
{% if ldp.import.ipv4.import_filter is defined %}
{% if ldp.import.ipv4.import_filter.filter_access_list is defined %}
{% if ldp.import.ipv4.import_filter.neighbor_access_list is defined %}
-label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }} from {{ ldp.import.ipv4.import_filter.neighbor_access_list }}
+ label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }} from {{ ldp.import.ipv4.import_filter.neighbor_access_list }}
{% else %}
-label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }}
+ label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }}
{% endif %}
{% endif %}
{% endif %}
@@ -73,14 +73,14 @@ label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }}
{% if ldp.export is defined %}
{% if ldp.export.ipv4 is defined %}
{% if ldp.export.ipv4.explicit_null is defined %}
-label local advertise explicit-null
+ label local advertise explicit-null
{% endif %}
{% if ldp.export.ipv4.export_filter is defined %}
{% if ldp.export.ipv4.export_filter.filter_access_list is defined %}
{% if ldp.export.ipv4.export_filter.neighbor_access_list is defined %}
-label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }} to {{ ldp.export.ipv4.export_filter.neighbor_access_list }}
+ label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }} to {{ ldp.export.ipv4.export_filter.neighbor_access_list }}
{% else %}
-label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }}
+ label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }}
{% endif %}
{% endif %}
{% endif %}
@@ -88,59 +88,59 @@ label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }}
{% endif %}
{% if ldp.targeted_neighbor is defined %}
{% if ldp.targeted_neighbor.ipv4.enable is defined %}
-discovery targeted-hello accept
+ discovery targeted-hello accept
{% endif %}
{% if ldp.targeted_neighbor.ipv4.hello_holdtime is defined %}
-discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv4.hello_holdtime }}
+ discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv4.hello_holdtime }}
{% endif %}
{% if ldp.targeted_neighbor.ipv4.hello_interval is defined %}
-discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv4.hello_interval }}
+ discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv4.hello_interval }}
{% endif %}
{% for addresses in ldp.targeted_neighbor.ipv4.address %}
-neighbor {{addresses}} targeted
+ neighbor {{addresses}} targeted
{% endfor %}
{% endif %}
{% for interfaces in ldp.interface %}
-interface {{interfaces}}
+ interface {{interfaces}}
{% endfor %}
-exit-address-family
+ exit-address-family
{% else %}
-no address-family ipv4
+ no address-family ipv4
{% endif %}
{% endif %}
-!
+ !
{% if ldp.discovery is defined %}
{% if ldp.discovery.transport_ipv6_address is defined %}
-address-family ipv6
+ address-family ipv6
{% if ldp.allocation is defined %}
{% if ldp.allocation.ipv6 is defined %}
{% if ldp.allocation.ipv6.access_list6 is defined %}
-label local allocate for {{ ldp.allocation.ipv6.access_list6 }}
+ label local allocate for {{ ldp.allocation.ipv6.access_list6 }}
{% endif %}
{% endif %}
{% else %}
-label local allocate host-routes
+ label local allocate host-routes
{% endif %}
{% if ldp.discovery.transport_ipv6_address is defined %}
-discovery transport-address {{ ldp.discovery.transport_ipv6_address }}
+ discovery transport-address {{ ldp.discovery.transport_ipv6_address }}
{% endif %}
{% if ldp.discovery.hello_ipv6_holdtime is defined %}
-discovery hello holdtime {{ ldp.discovery.hello_ipv6_holdtime }}
+ discovery hello holdtime {{ ldp.discovery.hello_ipv6_holdtime }}
{% endif %}
{% if ldp.discovery.hello_ipv6_interval is defined %}
-discovery hello interval {{ ldp.discovery.hello_ipv6_interval }}
+ discovery hello interval {{ ldp.discovery.hello_ipv6_interval }}
{% endif %}
{% if ldp.discovery.session_ipv6_holdtime is defined %}
-session holdtime {{ ldp.discovery.session_ipv6_holdtime }}
+ session holdtime {{ ldp.discovery.session_ipv6_holdtime }}
{% endif %}
{% if ldp.import is defined %}
{% if ldp.import.ipv6 is defined %}
{% if ldp.import.ipv6.import_filter is defined %}
{% if ldp.import.ipv6.import_filter.filter_access_list6 is defined %}
{% if ldp.import.ipv6.import_filter.neighbor_access_list6 is defined %}
-label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }} from {{ ldp.import.ipv6.import_filter.neighbor_access_list6 }}
+ label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }} from {{ ldp.import.ipv6.import_filter.neighbor_access_list6 }}
{% else %}
-label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }}
+ label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }}
{% endif %}
{% endif %}
{% endif %}
@@ -149,14 +149,14 @@ label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }}
{% if ldp.export is defined %}
{% if ldp.export.ipv6 is defined %}
{% if ldp.export.ipv6.explicit_null is defined %}
-label local advertise explicit-null
+ label local advertise explicit-null
{% endif %}
{% if ldp.export.ipv6.export_filter is defined %}
{% if ldp.export.ipv6.export_filter.filter_access_list6 is defined %}
{% if ldp.export.ipv6.export_filter.neighbor_access_list6 is defined %}
-label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }} to {{ ldp.export.ipv6.export_filter.neighbor_access_list6 }}
+ label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }} to {{ ldp.export.ipv6.export_filter.neighbor_access_list6 }}
{% else %}
-label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }}
+ label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }}
{% endif %}
{% endif %}
{% endif %}
@@ -164,24 +164,27 @@ label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }
{% endif %}
{% if ldp.targeted_neighbor is defined %}
{% if ldp.targeted_neighbor.ipv6.enable is defined %}
-discovery targeted-hello accept
+ discovery targeted-hello accept
{% endif %}
{% if ldp.targeted_neighbor.ipv6.hello_holdtime is defined %}
-discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv6.hello_holdtime }}
+ discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv6.hello_holdtime }}
{% endif %}
{% if ldp.targeted_neighbor.ipv6.hello_interval is defined %}
-discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv6.hello_interval }}
+ discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv6.hello_interval }}
{% endif %}
{% for addresses in ldp.targeted_neighbor.ipv6.address %}
-neighbor {{addresses}} targeted
+ neighbor {{addresses}} targeted
{% endfor %}
{% endif %}
{% for interfaces in ldp.interface %}
-interface {{interfaces}}
+ interface {{interfaces}}
{% endfor %}
-exit-address-family
+ exit-address-family
{% else %}
-no address-family ipv6
+ no address-family ipv6
{% endif %}
+ !
{% endif %}
+exit
{% endif %}
+!
diff --git a/data/templates/frr/ospf6d.frr.tmpl b/data/templates/frr/ospf6d.frr.tmpl
index 10a6d9b4b..c366326bf 100644
--- a/data/templates/frr/ospf6d.frr.tmpl
+++ b/data/templates/frr/ospf6d.frr.tmpl
@@ -25,6 +25,9 @@ interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
{% endif %}
{% if iface_config.bfd is defined %}
ipv6 ospf6 bfd
+{% if iface_config.bfd.profile is defined and iface_config.bfd.profile is not none %}
+ ipv6 ospf6 bfd profile {{ iface_config.bfd.profile }}
+{% endif %}
{% endif %}
{% if iface_config.mtu_ignore is defined %}
ipv6 ospf6 mtu-ignore
diff --git a/data/templates/frr/ospfd.frr.tmpl b/data/templates/frr/ospfd.frr.tmpl
index a7b770f07..af66baf53 100644
--- a/data/templates/frr/ospfd.frr.tmpl
+++ b/data/templates/frr/ospfd.frr.tmpl
@@ -42,6 +42,9 @@ interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
{% endif %}
{% if iface_config.bfd is defined %}
ip ospf bfd
+{% if iface_config.bfd.profile is defined and iface_config.bfd.profile is not none %}
+ ip ospf bfd profile {{ iface_config.bfd.profile }}
+{% endif %}
{% endif %}
{% if iface_config.mtu_ignore is defined %}
ip ospf mtu-ignore
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
index 9d73baeee..ac9203e83 100644
--- a/data/templates/https/nginx.default.tmpl
+++ b/data/templates/https/nginx.default.tmpl
@@ -44,7 +44,11 @@ server {
# proxy settings for HTTP API, if enabled; 503, if not
location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc|graphql) {
{% if server.api %}
+{% if server.api.socket %}
+ proxy_pass http://unix:/run/api.sock;
+{% else %}
proxy_pass http://localhost:{{ server.api.port }};
+{% endif %}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 600;
diff --git a/data/templates/https/override.conf.tmpl b/data/templates/https/override.conf.tmpl
new file mode 100644
index 000000000..824b1ba3b
--- /dev/null
+++ b/data/templates/https/override.conf.tmpl
@@ -0,0 +1,15 @@
+{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+[Unit]
+StartLimitIntervalSec=0
+After=vyos-router.service
+
+[Service]
+ExecStartPre=
+ExecStartPre={{vrf_command}}/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
+ExecStart=
+ExecStart={{vrf_command}}/usr/sbin/nginx -g 'daemon on; master_process on;'
+ExecReload=
+ExecReload={{vrf_command}}/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
+Restart=always
+RestartPreventExitStatus=
+RestartSec=10
diff --git a/data/templates/netflow/uacctd.conf.tmpl b/data/templates/netflow/uacctd.conf.tmpl
index 1c183bb20..11fc76769 100644
--- a/data/templates/netflow/uacctd.conf.tmpl
+++ b/data/templates/netflow/uacctd.conf.tmpl
@@ -68,5 +68,8 @@ sfprobe_agentip[sf_{{ server['address'] }}]: {{ templatecfg['sflow']['agent-addr
{% if templatecfg['sflow']['sampling-rate'] != none %}
sampling_rate[sf_{{ server['address'] }}]: {{ templatecfg['sflow']['sampling-rate'] }}
{% endif %}
+{% if templatecfg['sflow']['source-address'] != none %}
+sfprobe_source_ip[sf_{{ server['address'] }}]: {{ templatecfg['sflow']['source-address'] }}
+{% endif %}
{% endfor %}
{% endif %}
diff --git a/data/templates/vrrp/keepalived.conf.tmpl b/data/templates/vrrp/keepalived.conf.tmpl
index b4824a994..b93aa4bc9 100644
--- a/data/templates/vrrp/keepalived.conf.tmpl
+++ b/data/templates/vrrp/keepalived.conf.tmpl
@@ -5,9 +5,6 @@
global_defs {
dynamic_interfaces
script_user root
- # Don't run scripts configured to be run as root if any part of the path
- # is writable by a non-root user.
- enable_script_security
notify_fifo /run/keepalived/keepalived_notify_fifo
notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
}